Tuesday, May 1, 2018

Why Most People Don’t Use Password Managers… And How We’re Changing Their Minds

Why do we continue to reuse passwords, use short, easy-to-guess combinations, and save them on our desktops rather than use password managers? The answer lies in the nature of passwords themselves.

While they’re a necessary measure we take to keep valuable information safe online, passwords also act as “speed bumps” disrupting the flow of the online experience. And the fact is, many of us would rather compromise on security than convenience...

As dangerous as that is, the alternative - entering a master password every time we log in using a high-security password manager - takes too great a toll on our online experience. The ease - and vulnerability - of weak and multiple-account passwords, insecure browser password managers, or cloud server-based password managers that have been hacked in the past becomes nearly impossible to resist.

So the passwords we create leave us vulnerable, our online experience is riddled with inconvenience, and the password managers that are easiest to use are vulnerable themselves.

As software engineers with cybersecurity expertise in Seattle, we understand that in order to be effective, password security needs to be both practical and trustworthy enough for users to actually stick with it. We aimed to build the best tool for the job when we developed KeyReel Password Manager.

KeyReel provides the awesomeness of autologin, keeps credentials safely offline, and avoids the inconvenience of frequent master password entry... without the use of a cloud server. It’s high-security password management everyone actually enjoys, and we’re relaunching it publicly today.

When a user installs KeyReel, the iPhone, far more secure than the typical laptop, becomes the perfect portable password notebook where all passwords are stored offline in a single encrypted vault. But the magic lies in its pairing with the Mac via an encrypted Bluetooth connection.

KeyReel senses when a user browses to a login screen and instantly transfers the appropriate AES-encrypted credentials from the phone directly to the browser. And when the user picks up the phone and leaves the computer behind, the Bluetooth connection breaks once out of range, but credentials stay offline with their owner. It’s the keyless entry experience of a luxury car, for the internet - but much safer.

We designed KeyReel so users will never have to enter a master password again. But for certain sites, two or more authentication factors are always better than one. Rather than SMS, the phone’s TouchID or PIN code can allow KeyReel to provide a further layer of protection when a user logs in to banking, e-commerce, and other sites where critical personal data is stored.

And no matter what happens to the phone, password data remains encrypted and inaccessible without a Bluetooth connection to the computer KeyReel is paired with. If a user sets up a backup password vault on their Mac, KeyReel’s password data will be available to use on the new phone, too.

A strong, unique password can take today’s fastest machines years to decode. It’s the best defense we have against hackers, viruses, identity theft, and spying - even better than biometric authentication. Since we believe everyone should be able to easily marshal that defense and prevent nearly all attempts to get around it, KeyReel is also completely free.

Feedback from our beta users and early adopters has shaped KeyReel throughout its development, and with our relaunch, we welcome even more.

Anyone with a Mac and an iPhone can join the growing number of people who use KeyReel to enjoy the freedom of browsing in comfort and security right now - and spread the word. Now’s also the time to sign up to be the first to know when KeyReel for Android is released, which will be soon. Together, we’re going to change the world of personal password management for the better, the safer, and the simpler.